
OAuth 1.0a “one legged” authentication with Ruby on Rails
OAuth 1.0a is an old method of authentication but is still in use by a lot of legacy third parties as a layer of authentication for their APIs.
OAuth 1.0a provides five modes –
- One Legged
- Two Legged
- Three Legged
- Echo
- xAuth
To learn more about different modes and OAuth refer to their official bible – http://oauthbible.com/
This article talks about how to perform one-legged authentication with Ruby on Rails.
The basic mechanism is as shown in the image below –
Ref – http://oauthbible.com/
There are only two things that you require for performing an OAuth 1.0a authentication –
- Consumer Key
- Consumer Secret
The gem that works well for a one-legged approach is https://github.com/oauth-xx/oauth-ruby. There are other gems that can be used but I found this to be pretty straightforward.
Steps to follow –
1. Install the OAuth gem
sudo gem install oauth
or add it to your Gemfile and run bundle install
gem 'oauth'
2. Create a consumer to consume various API endpoints
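# Load the real key and secret from the environment or Rails credentials rather than hardcoding them.
consumer = OAuth::Consumer.new('consumer_key', 'consumer_secret', :site => 'https://example.com')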
3. How to make a GET call?
response = consumer.request(:get, '/resource/:id', nil, {}, {})
puts response
4. How to make a POST call?
params = { "key1": "value1", "key2": "value2" }
response = consumer.request(:post, '/resource', nil, {}, params)
If you need to specify Content-Type:
response = consumer.request(:post, '/resource', nil, {}, params,
                            { 'Content-Type' => 'application/json' })
puts response
5. How to make a PUT call?
params = { "key1": "value1", "key2": "value2" }
response = consumer.request(:put, '/resource', nil, {}, params.to_json)
If you need to specify Content-Type:
response = consumer.request(:put, '/resource', nil, {}, params.to_json,
                            { 'Content-Type' => 'application/json' })
puts response
Please note that for the PUT method, the parameters have to be strictly converted to JSON.
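To see what is signed on each of the calls above, the one-legged signature can be reproduced and checked with the standard library alone. This is an added example, not code from the original article or from the oauth gem; it assumes HMAC-SHA1 signing, the helper names are hypothetical, and the key, nonce and timestamp are constructed sample values.

```ruby
require 'openssl'

# Percent-encode per RFC 5849 section 3.6 (only unreserved characters stay literal).
def pct(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# Signature base string: METHOD & encoded URL & encoded, sorted parameter string.
def base_string(method, url, params)
  pairs = params.map { |k, v| [pct(k), pct(v)] }.sort
  query = pairs.map { |k, v| "#{k}=#{v}" }.join('&')
  [method.to_s.upcase, pct(url), pct(query)].join('&')
end

# One-legged: no token, so the HMAC key is "<consumer secret>&" with an empty token secret.
def sign(method, url, params, consumer_secret)
  key = "#{pct(consumer_secret)}&"
  digest = OpenSSL::HMAC.digest('SHA1', key, base_string(method, url, params))
  [digest].pack('m0') # Base64 without line breaks
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Provider-side check: recompute the signature from the received request.
def valid_signature?(method, url, params, signature, consumer_secret)
  secure_equal?(sign(method, url, params, consumer_secret), signature)
end

# Constructed sample request, not real credentials.
REQUEST_PARAMS = {
  'key1' => 'value 1',
  'oauth_consumer_key' => 'consumer_key',
  'oauth_nonce' => 'abc123',
  'oauth_signature_method' => 'HMAC-SHA1',
  'oauth_timestamp' => '1700000000',
  'oauth_version' => '1.0'
}.freeze
SAMPLE_URL = 'https://example.com/resource'
SIGNATURE = sign(:get, SAMPLE_URL, REQUEST_PARAMS, 'consumer_secret')
puts "oauth_signature=#{pct(SIGNATURE)}"
```

Because the token secret is empty in one-legged mode, the consumer secret is the only signing credential, so it should be stored and rotated like a password.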
Testing OAuth 1.0a One-Legged Authentication
In case you want to test the OAuth 1.0a one-legged authentication over Postman, refer to the screenshot below.
By implementing OAuth 1.0a authentication properly, you can ensure secure API interactions for legacy systems. Integrating OAuth into a Web Development Service makes it easier for businesses to provide secure access to their applications while maintaining data integrity.
I hope the above steps helped you clear all your doubts. Still, if you have any queries or want to understand it in a better way, please leave your comments and feedback in the comment section below. I will be glad to assist you.